Microsoft, Oracle, Apache and Apple vulnerabilities added to CISA catalog - Best Business Review Site 2024

The US Cybersecurity and Infrastructure Security Agency (CISA) updated its catalog of known exploited vulnerabilities this week, adding 15 vulnerabilities based on evidence that threat actors are actively exploiting them.

The list includes a Microsoft Windows SAM local privilege escalation vulnerability with a remediation date set for February 24. 

Vulcan Cyber engineer Mike Parkin said the vulnerability — CVE-2021-36934 — was patched in August 2021 shortly after it was disclosed. 

“It is a local vulnerability, which reduces the risk of attack and gives more time to deploy the patch. CISA set the due date for Federal organizations who take direction from them, and that date is based on their own risk criteria,” Parkin said. “With Microsoft releasing the fix 5 months ago, and given the relative threat, it is reasonable for them to set late February as the deadline.”

The rest of the list covers a range of Microsoft, Apache, Apple, and Jenkins vulnerabilities with remediation dates of August 10.

While some experts questioned CISA’s new additions to the list, Netenrich’s John Bambenek explained that anything that provides a straightforward path to elevated privileges and is being exploited by the kind of threat actors CISA is concerned about needs to be remediated immediately.  

[Image: screenshot. Credit: CISA]

Pravin Madhani, CEO of K2 Cyber Security, noted that more than half of the vulnerabilities are classified as remote code execution (RCE) vulnerabilities.  

“RCE is one of the most dangerous types of vulnerabilities as it gives the attacker the ability to run almost any code on the hacked site. RCE, and other flaws such as XSS (Cross Site Scripting), have long been included on the OWASP Top 10 list, so why aren’t companies better equipped to protect against these attacks?” Madhani asked. 

Viakoo CEO Bud Broomhead said he believes cybercriminals are using older vulnerabilities in exploits against new device targets, specifically IoT devices. 

As an example, Broomhead mentioned vulnerabilities that enable man-in-the-middle (MitM) attacks. 

“Virtually all IT systems are protected against this threat, but IoT systems often are not, leading threat actors to revisit these older vulnerabilities knowing that network-connected IoT devices can be exploited through them,” Broomhead said. 

“This would lead to a vulnerability discovered years ago being added recently to the CISA catalogue. With close to 170,000 known vulnerabilities, priority should be given to the ones that are causing real damage right now, not ones that in theory could cause damage.”
